info@cyberwyoming.org
www.wyocan.org
www.cyberwyoming.org/alliance
307.314.2188, PO Box 2332, Laramie, WY 82073

Business Related Scams Edition

CyberWyoming has received many business related scam reports over the past two weeks. Keep reporting Wyoming – citizen reports will be back next week.

Voice Messaging Scam Email:

If you receive an email from Telecom Center (with the Microsoft logo) at noreply@gluewarehouse.com saying you have a new voice message, this is a scam. The subject line is Telephone Message. Reported by a Boulder (WY) citizen.

Business Email Takeover:

Sometimes the hackers get into a real email account and send malicious emails from it. This was recently reported by a Cheyenne citizen. One of the vendors the citizen’s company did business with had an email account compromised. The email looked real because it came from a trusted source. When an email account is taken over, the hackers search sent mail and look for wording and mimic the look and feel of an email. So, in this case, they sent an email to download a document and that link stole Microsoft Office 365 credentials. CyberWyoming Advice: If you weren’t expecting an email, call before you click. Hover over the button or link to see where it actually goes.

Sharepoint Invoice Scam Email:

A Boulder (WY) citizen reported two emails from noreply@keepapp.net but spoofed as her own company’s “Finance Department” with a subject line including a payment ID, saying that a Sharepoint Excel spreadsheet labeled Financial Reports and Cash Flow Statement had been shared with you, please click to open the document. (Don’t click!)

Microsoft Password Expiring Notification Scam:

A Boulder (WY) citizen reported a general scam sent from admin@wikivet.net but spoofed as her own company’s IT department with the subject line of the date and with a high importance. The only thing attached was a fake Microsoft logo, but it was followed up with an email from info@kartpay.com (also spoofed as her company and with the Microsoft Logo) with fake password reset instructions for her Microsoft account. Then, it was followed up again with a password expiration notice the next day from easonj@seattleu.edu. And, then the hackers tried again from HDSERVICE (junco@royaltown.ro). None of the links go to Microsoft.

Real looking PDF attachment scam email:

A Boulder (WY) citizen reported two very real looking PDF document images saying “You’ve Received New Encrypted Document(s). Click the attachment to view.” The PDF icon was very realistic. The first email was from luc.sentier@fillmed.com spoofed as “Doc ID: 960852” and the “MicrsÒft Team” and the subject line was “Scanner From LBX9217502”. The link went to https://pattie19a8a.clickfunnels.com/fax. The second email was from chris.dixon@trchydraulics.com spoofed as “Doc ID: #824961” and the link went to https://egosselin.clickfunnels.com/adobefax. This citizen also reported a fake voicemail message attachment email from sudamerica@fpz.com spoofed as “Doc ID: 762910” with a similar subject line and from the “LogMeIn Team” but the attachment did not go to their voicemail server or Google Sheets as claimed and instead directed the user to https://egosselin.clickfunnels.com/adobefax.

Bruce Banner (aka the Hulk) is Not Offering Digital Marketing Services:

Sometimes scammers use fictional character names. A Laramie citizen reported that Bruce Banner at brucebanner718@yahoo.com is offering digital marketing services from a non-specified marketing company. Don’t take the bait.

Image Editing & Retouching Services Scam:

A Laramie citizen reported an email from Shruti Choudhary

at shrutichoudhary25@outlook.com with the subject line of “Image Editing & Retouching Services” for a

nonspecific company.

Scambusters.org Self-Employed & Business Scam Alerts:

  • The Pandemic Unemployment Assistance (PUA) program was set up to help the self-employed and gig workers by providing benefits if their work dried up. But because of the scale and urgency of the help, intended to be a form of unemployment benefit, some of the money has ended up in the wrong hands. Scammers have been using victims' names and business details that have been stolen on the Internet to claim up to $20,000 a time.
  • Some self-employed individuals and small firms have fallen into the grasp of high-interest lenders who, while operating inside the law, may bury some of their costly terms in the small print of contracts -- or fail to disclose them at all.
  • Business advertising con tricks: Victims are lured into paying for ads in brochures, programs and calendars, which either don't exist or have only a tiny print run. The scammers may also falsely promise no competitors will be allowed in the same publication. And they use high-pressure sales pitches.
  • Extortion: Website owners who allow Google pay-per-click ads to be placed on their pages receive threats from scammers that they will have them banned by Google. The crooks threaten to bombard the ads with clicks, which will make it look like the site owner is trying to defraud the web giant. If you receive this type of threat, you should contact Google immediately and make them aware you're being targeted.
  • Package delivery notification: This is a variation of a well-established scam. In this instance, victims get an email telling them to schedule a delivery from Amazon Business. The message doesn't specify what the supposed shipment is, but it contains a link that takes recipients to a fake Amazon page that steals their sign-on information.
  • Fake trademark notifications: Many new businesses want to protect their brand by registering a trademark with the US Patent and Trademark Office (USPTO). The organization reports a big rise on fake emails claiming to be from them and advising recipients to pay a large sum or face losing their trademark.

FTC Income Scam Alert:

You should never have to pay to get a job. The FTC just announced actions against a company called 8 Figure Dream Lifestyle as an income scam. Often these scams are disguised as legitimate business offers, coaching programs or investment opportunities.

MS-ISAC Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) has published a patch now (update your software) alert for Google’s Android operating system, the on premises version of Microsoft Exchange Server, and Google’s chrome browser products. If you use these products, make sure the software (or firmware) updated.

Other ways to report a scam:

Other Blogs